The present invention relates in general to a secure handshake protocol for telecommunications networks. More particularly, the invention relates to a method and an apparatus for providing secure handshake between call parties with minimal overhead before actual data transmission.
Within this application, “TLS” refers to Transport Layer Security. One such protocol is described in “The TLS Protocol”, May 21, 1997, by Tim Dierks and Christopher Allen, Consensus Development. This document has been published as “draft-ietf-tls-protocol-03.txt”, incorporated herein by reference. More particularly, the present invention proposes an improved handshake protocol which is applicable, inter alia, in protocols like TLS.
A TLS-type protocol comprises several layers, such as:
    Upper layer protocols
    Handshake protocol/Alert protocol/Application protocol
    Record protocol
    Transport protocol
    Lower level protocols
FIG. 1 is based on section 7.3 of said TLS draft protocol, and it illustrates a prior art handshake method. In order to keep the specification consistent with said draft, parties A and B are also referred to as “client” and “server”, respectively. (Terms like “hello” and “finished” are also used consistently with said TLS draft.) In step 11, the client A sends a client hello message. This client hello message comprises a list of cipher suites and compression methods supported by the client. Additionally, the message may also comprise a time stamp. In step 12, the server B selects a cipher suite and a compression method. (Optionally, B may also check the timestamp to make sure that the message is not an old message being retransmitted.)
In step 13 the server B responds with a server hello message. The client hello and server hello messages 11 and 13 establish security between the parties, typically by establishing the following attributes: protocol version, session ID, cipher suite and compression method. In connection with the server hello message, the server B sends its own certificate CB to the client A and it requests the client A to send its client certificate CA to the server B. In response to this, in step 14 the client A verifies B's certificate and obtains B's public key EB. In step 15 the client A sends B a finished message, indicating that A has been able to verify B's identity. Additionally, A sends its own certificate CA to B. In step 16, B uses CA to obtain A's public key EA. In step 17, B sends its own finished message to the client A. In connection with verifying its peer's identity, each party independently calculates a shared secret key for this session. Now both parties have exchanged keys, agreed on a cipher suite/compression method and verified the identity of the other party. In step 18, the client A can start transmitting application data.
Essential components of the above protocol are the certificates CA and CB. By means of certificates signed by a mutually trusted authority, each party can verify its peer's identity. A certificate comprises at least its owner's identity (A/B) and public key(s) (EA/EB), period of validity, the issuer of the certificate and the issuer's digital signature. It may also comprise the rights granted to its owner. A suitable mechanism for digital signatures is a reversal of public-key encryption: the issuer signs the certificate with its private key, and whoever wants to verify the certificate does so by using the issuer's public key. A suitable structure for a certificate is specified in ISO standard X.509.
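The certificate check performed in steps 14 and 16 can be sketched as follows. This is an added example, not part of the original specification: it models a certificate with the fields listed above and verifies it against the issuer's public key. The names (Certificate, issue, verify, "DemoCA"), the integer timestamps and the use of unpadded textbook RSA with fixed demonstration primes are assumptions made for illustration and are not secure for real use.

```python
# Added example: toy certificate with the fields listed above. Textbook RSA
# without padding and fixed demo primes: for illustration only, not secure.
import hashlib
from dataclasses import dataclass, replace

E = 65537  # public exponent shared by all demo keys

def make_key(p, q):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest(data, n):
    """SHA-256 of data, reduced modulo n so it can be signed directly."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

@dataclass(frozen=True)
class Certificate:
    owner: str          # identity of the owner (A or B)
    public_key: tuple   # owner's public key (n, e)
    not_before: int     # period of validity, as constructed integer timestamps
    not_after: int
    issuer: str         # name of the issuing authority
    signature: int = 0  # issuer's digital signature over the other fields

    def tbs(self):
        """Bytes covered by the issuer's signature (everything but the signature)."""
        return repr((self.owner, self.public_key, self.not_before,
                     self.not_after, self.issuer)).encode()

def issue(cert, issuer_private):
    """Issuer signs with its private key (the 'reversal' of encryption)."""
    n, d = issuer_private
    return replace(cert, signature=pow(digest(cert.tbs(), n), d, n))

def verify(cert, trusted_issuers, now):
    """Return the owner's public key, or raise ValueError naming the failed check."""
    if cert.issuer not in trusted_issuers:
        raise ValueError("untrusted issuer")
    if not cert.not_before <= now <= cert.not_after:
        raise ValueError("outside period of validity")
    n, e = trusted_issuers[cert.issuer]
    if pow(cert.signature, e, n) != digest(cert.tbs(), n):
        raise ValueError("bad signature")
    return cert.public_key

# Constructed sample data: a mutually trusted authority and server B's certificate CB.
CA_PUB, CA_PRIV = make_key(2**61 - 1, 2**89 - 1)
B_PUB, _ = make_key(2**31 - 1, 2**61 - 1)
CB = issue(Certificate("B", B_PUB, 1000, 2000, "DemoCA"), CA_PRIV)
TRUSTED = {"DemoCA": CA_PUB}
```

Calling verify(CB, TRUSTED, 1500) returns B's public key; changing any signed field, presenting the certificate outside its validity period, or omitting the issuer from the trusted set raises ValueError.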
A problem with this prior art handshake protocol is the high overhead required. As seen in FIG. 1, the actual data transmission does not begin until step 18, or after four messages have been transmitted between the parties. In a wireless multiple access system, where the parties A and B are separated by an air interface Um and a public land-based mobile network PLMN, the actual messaging is much more complicated than the one shown in FIG. 1. This is because FIG. 1 only shows the actual messages and omits (for clarity) the resource reservation and release steps which are routine for a person skilled in the art, but which are nevertheless indispensable.